Re: Mandatory Legal Process (ACTION-57, ISSUE-28) from Tom Lowenthal on 2012-01-25 (public-tracking@w3.org from January 2012)

From: Tom Lowenthal <tom@mozilla.com>
Date: Wed, 25 Jan 2012 19:11:28 +0100
To: David Singer <singer@apple.com>, public-tracking@w3.org
Message-ID: <4F2045D0.7060509@mozilla.com>

I don't think we need anything apart from Jonathan's text. I'd argue 
that for process applied to data collected in a third party capacity, 
notification is a must; for first party data, a should; and for any 
breach where you must notify some users, you must notify all users.

On Wed 25 Jan 2012 06:43:06 PM CET, David Singer wrote:
>
> On Jan 25, 2012, at 16:12 , Jonathan Mayer wrote:
>
>> Proposed text:
>>
>> A party MAY take action contrary to the requirements of this standard if compelled by mandatory legal process.  To the extent allowed by law, the party MUST (SHOULD? MAY? non-normative?) notify affected users.
>
> which means we need a 'legal exception'?
>
>
>
> David Singer
> Multimedia and Software Standards, Apple Inc.
>
>

Received on Wednesday, 25 January 2012 18:12:12 UTC